An Uprising of DDoS Attacks, a Cause of Concern for Organizations

Some stats your way

• The number of attacks almost doubled between February to September 2020. More than 50 million attacks were observed in the span of a year.
• Businesses with inadequate cybersecurity measures suffered from high-volume attacks of over 50Gbps.
• Attacks became complex with 59% of them being muti-vector attacks. The highest number of vectors used in a single attack was fourteen.
• The longest DDoS attack lasted 5,698 minutes, which equates to four days of continuous onslaught.

Recent trends

• Not only VPNs and APIs, but attackers are targeting every available surface, including databases, CRMs, and web and email servers.
• There has been an increase in flaws that could be exploited by DDoS threat actors who are on the constant lookout for new protocols and ports to exploit.
• The second half of 2020 saw a surge in DDoS extortion efforts by threat actors claiming to be Fancy Bear, Armada Collective, Lazarus, and Cozy Bear. These campaigns targeted financial services, critical infrastructure, hosting providers, and online retailers across the globe.

What's new?

• LittleBigPlanet’s servers were taken offline after fans complained about ongoing DDoS attacks affecting community features.
• Netscout observed DDoS-for-hire services taking up a new amplification vector - Datagram Transport Layer Security (D/TLS). This vector enables attackers to amplify the attacks by a factor of 37. Approximately 4,300 publicly reachable D/TLS servers were found to be vulnerable to the exploit.
• Earlier this month, Google warned of bots causing troubles for businesses, especially through DDoS attacks. While 78% of organizations use DDoS protection, less than a fifth of them have complete bot management measures in place. 
• Lately, Telephony Denial of Service (TDoS) attacks have emerged as another part of DDoS. These attacks are being launched at emergency dispatch centers.

The bottom line